In DFIR, we commonly see that the median hops needed to get access of Domain Admin credentials is three. Meaning that when compromised, a TA moves laterally up to three separate systems before getting DA.

In this session, we will talk about how we must get back to basics and protect our sensitive privileges via Tiering and how Authentication Policy Silos provides locking effects on your Domain Administrators.